National Security Scheme – ENS

Complies with the National Security Scheme for working with electronic media in the Public Administration in Spain.

From Ingertec we help you in the process of implementation of the standard and compliance with audit requirements.

900 897 931
Request a quote
National Security Scheme ENS

What is the

National Security Scheme (ENS)? 

The ENS consists of the basic principles and minimum requirements necessary for an adequate protection of the information processed and the services provided by the entities within its scope of application, in order to ensure access, confidentiality, integrity, traceability, authenticity, availability and conservation of the data, information and services used by electronic means that they manage in the exercise of their competences.

The National Security Scheme is regulated by Royal Decree 311/2022, of May 3.

The objective of the National Security Scheme is none other than to achieve the confidence of users and organizations in the use of electronic media.

Who must comply with the requirements of the

National Security Scheme (ENS)? 

  • It applies to the entire Spanish public sector.
  • It applies to the information systems of private sector entities when, in accordance with the applicable regulations and by virtue of a contractual relationship, they render services or provide solutions to public sector entities for the exercise by the latter of their competencies and administrative powers.
  • This caution shall also be extended to the supply chain of such contractors, to the extent necessary and in accordance with the results of the corresponding risk analysis.
  • The administrative or technical specifications of the contracts entered into by the public sector entities included in the scope of application of this Royal Decree shall contemplate all those requirements necessary to ensure compliance with the ENS of the information systems on which the services provided by the contractors are based.

Benefits of Certification in

National Security Scheme (ENS)? 

  • To be able to work with the public administration and provide them with services.
  • Guarantee the security of our systems.
  • Reduce vulnerabilities.
  • Promote continuous monitoring through the implementation of security measures.
  • Compliance with legal requirements for Public Administrations.
  • Achieving greater confidence among users in the use of electronic media.
  • Establishment of a common language of danger.
  • Use of guides and tools for Information Security.

What type of services are affected?

It affects the information systems used for the provision of public services.

Deadlines to comply with the  national security scheme?

As of 05.05.2024, certificates issued against RD 3/2010 will no longer have the status of accredited.

Public and private entities that provide services or solutions to public entities have 24 months (until 05/05/2024) to certify the conformity of information systems with the ENS.

National Security Scheme ENS

Are external audits necessary in the national security scheme?

  • In the case of systems/services whose category is MEDIUM or HIGH level, ENS imposes the need to pass a biennial audit, carried out by an entity accredited by ENAC and the CCN.
  • This requirement is lowered when systems categorized as LOW level are being evaluated, in which case ENS does not prescribe any audit, but a self-assessment (Declaration of Conformity with ENS) may be sufficient.

Are you prepared for information security threats?

Request a quote

Complete this form and you will instantly receive an estimate of our services in your email.